Instead, criminals aim for identity theft, which allows them to assume the identity of the client and transfer funds out into a different account, going under the radar of SMSF firms on the lookout for suspicious external activity.

“Attackers wouldn’t necessarily go after superannuation funds to extract large sums of money in a single transaction because they know identity theft and assuming the identity of customers of those organisations would just be as successful,” he said.

Professor Warren said there is more than one route of attack facing trustees, but more often than not, the pathway is based around identity theft utilising a social engineering method.

“A social engineering attack is when you are trying to manipulate people’s actions in terms of a social context whether it’s via email, whether it’s phoning someone and pretending to be someone else or whether it is physically going into an organisation,” said Professor Warren.

“So in terms of threats you are not seeing one particular type of threat but you are now seeing the sophistication of attackers develop a number of different threat strategies into a single attack.”